
Research On Defense Strategy Against Browser Cache Pollution

Posted on: 2019-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: C R Dai
Full Text: PDF
GTID: 2428330566495977
Subject: Information security

Abstract/Summary:
The browser cache is mainly used to speed up the processing of requests for network resources in order to achieve a good user experience. Attackers can carry out cache pollution attacks via man-in-the-middle attacks. Firstly, a persistent cache pollution attack mode based on Zipf's law is proposed. The general defense strategies against browser cache pollution cannot cover different types of network attack. We propose a flexible browser cache pollution defense strategy, which is deployed between the client and the server. The strategy includes several judgement methods: random number, request-response delay, the popularity of the resource, hash verification and a crowdsourcing strategy. In the experiments, 200 JavaScript files are chosen as samples and 100 of them are polluted in a man-in-the-middle simulation experiment. The hit-rate for polluted resources and the false positive rate for normal samples are analyzed. The network delay is also measured when users request samples under different defense strategies against browser cache pollution. The results indicate that the hit-rate is 87% and the false positive rate is 0% under loose conditions, while the hit-rate increases to 95% and the false positive rate increases to 4% under strict conditions. The total request-response delays under the two conditions are 5277 ms and 6013 ms, which are less than the time required by resource reloading. Most of the polluted samples are detected in less time. An optimization algorithm based on a support vector machine is proposed to decrease the leakage rate of polluted samples. The strategy simplifies the process of cache pollution prevention. It also makes a tradeoff between security and usability with different parameters to satisfy different users.
Keywords/Search Tags: Web Security, Cache Defense Strategy, Man-In-The-Middle Attack, User Behavior, User Experience